Releases: cuper6/SEnginx
Releases · cuper6/SEnginx
senginx 1.8.7
senginx 1.8.6
*) Fixed: Nginx_status "writing connections" grows up if using whitelist module
*) Fixed: duplication a blacklist counter while registering modules in the blacklist module
*) Change: whitelist module: NGX_HTTP_WL_ADDR_TIMEOUT => 5s
senginx 1.8.5
*) Fixed: limit_req directive in senginx can accept up to 5 parameters.
senginx 1.8.4
*) Fixed: In some cases existed ip_blacklist node might not be attached to the new request resulting incorrect ref-cleaning.
*) Cnahge: after blocking ip_blacklist node in sys mode the node is deleted (marked as expired) after successfull calling the system command.
*) Fixed: ip_blacklist: in some cases new node counters may be initialized for not all the calling modules. This may result missing some attacks.
senginx 1.8.3
*) Bugfix: coredump in ngx_http_whitelist: sometimes ngx_http_wl_resolve_addr_handler is called after r->pool already destroyed in the ngx_http_free_request.
Now we do not call ngx_http_core_run_phases if r->pool is null (otherwise it will cause crash in the ngx_palloc).
*) Bugfix: ip_blacklist: now an IP is blocked not only if the count reaches max threshold (==), but if the count overs the max threshold too (>=). Otherwise some IPs already having non-zero failed count value may not be blocked at all if max threshold was decreased in the config without further flushing the blacklist.
*) Change: ip_blacklist_flush page shows the results, returns 200 instead of 444. Now it is possible to remove only one IP address from the blacklist.
*) Change: ip_blacklist_show page now accepts the "debug" parameter.
*) Change: whitelist - default timeout (caching time) for reverse dns lookup results (NGX_HTTP_WL_ADDR_TIMEOUT) changed from 5s to 1 hour.
*) Feature: [tests] Nginx.pm - optional timeout parameter and support for kill TERM in stop method. New read_file method.
*) Change: [tests] tests for ua_whitelist with reverse dns lookup are stopped in 3 sec (send to nginx TERM signal in 3 seconds after QUIT signal).
senginx 1.8.2
*) Feature: the "ip_blacklist_ttl" directive.
*) Change: ngx_http_ip_blacklist_modules array is inialized at definition.
*) Change: enhanced algorithm for clearing not blocked ip_blacklist nodes (based on the ttl value).
*) Feature: ip_blackist log now shows which module caused IP blocking.
*) Feature: ip_blacklist_show page now shows all IP addreses (incl. unblocked).
Format changes: added "blocked local" prefix, ttl, counters for modules registered at ip_blacklist,
removed debug info ("timed out", "ref", "blacklist"), added link to whois for each IP.
*) Feature: naxsi module now supports dynamic IP blocking by senginx ip_blacklist module.
*) Feature: the "naxsi_blacklist" directive.
*) Feature: the "naxsi_ip_blacklist.t" test script.
*) Change: demo.html now shows naxsi libinjection_xss and libinjection_sql attacks statistics.
*) Change: Updated SEnginx documentation at http://senginx.ru
senginx 1.8.1
*) Feature: upgrade naxsi to 1.3.
*) Change: ngx_http_statistics support for naxsi 1.3.
senginx 1.8.0
*) Feature: upgrade to original nginx 1.18.0.
*) Change: update several test scripts
*) Bugfix: --with-debug compilation error in http_upstream_fair_module
*) Restored wiki site: http://senginx.ru